Vulnerabilities > Elementor > Website Builder > 3.0.15
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-20 | CVE-2024-13445 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the border, margin and gap parameters in all versions up to, and including, 3.27.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-10-15 | CVE-2024-6757 | Unspecified vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. | 4.3 |
| 2024-09-11 | CVE-2024-5416 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and including, 3.23.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-07-09 | CVE-2024-37437 | Path Traversal vulnerability in Elementor Website Builder Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting (XSS), Stored XSS.This issue affects Elementor Website Builder: from n/a through 3.22.1. | 5.4 |
| 2024-06-11 | CVE-2023-33922 | Unspecified vulnerability in Elementor Website Builder Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2. | 4.3 |
| 2024-05-21 | CVE-2024-4619 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hover_animation’ parameter in versions up to, and including, 3.21.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-17 | CVE-2024-24934 | Unspecified vulnerability in Elementor Website Builder Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through 3.19.0. | 8.1 |
| 2024-04-24 | CVE-2023-47504 | Unspecified vulnerability in Elementor Website Builder Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4. | 9.8 |
| 2024-04-09 | CVE-2024-2117 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping on user supplied attributes. | 5.4 |
| 2024-03-27 | CVE-2024-2120 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |